Method and System For Dual Layer Authentication For Electronic Payment Request In Online Transactions

ABSTRACT

Increasing the security of online payment requests by introducing a dual-layer authentication system for accessing the funds and/or credit through payment cards is described. An additional check regarding the identity of a card user to be included within a traditional security protocols for these cards, wherein the additional check is based on an authentication channel which is external to the user&#39;s card. A device owned by the legitimate card owner certifies that the user of the card at any given instant is the legitimate owner of the card and not someone else. To process this additional information, a connection by means of a proximity based device is established.

TECHNICAL FIELD

The present invention relates to electronic payment requests and more particularly to a method, system and computer program for authenticating an electronic payment request with an increased level of security during online, transactions.

BACKGROUND

Use of bank cards, credit cards, debit cards or cash cards for making payments is becoming more and more frequent. These payment systems are relatively secure because they employ extensive security mechanisms. Usually a secret code must be provided by a purchaser and authenticated by a bank, to authorise the movement of funds from the purthaser's account to the vendor. Recent years have seen rapid growth in the use of credit cards and/or debit cards to purchase merchandise at point-of-sale locations, through public telephones or over the Internet. During these purchase transactions, some personal data is publicly released, albeit in a very limited way.

However, in view of the inherently public nature of telephone networks and/or the Internet, this personal information is at risk of interception. Identity theft is recognised as an increasingly important crime, wherein, despite all of the security checks used to authenticate and protect personal information, a credit/debit card may be cloned and used by malicious persons to rob money from the bank account of a legitimate user. In fact, in view of the almost instantaneous nature of today electronic transactions, even temporary ownership of a credit (or other payment) card could allow a malicious user to make a large number of payments either particularly through Internet.

US patent application Publication No. 2006/0131390 describes a system for providing a notification of a pending transaction request and obtaining an authorisation therefore from a cardholder. The system includes a phone number of a mobile device assigned to receive an authorisation request for a respective account. When a transaction request is received, the system identifies the phone number of the mobile device assigned to receive authorisation request messages for the account requesting the transaction. The system generates and transmits an authorisation request message to the determined phone number; and a reply message is returned from the mobile device which explicitly indicates if the user of the mobile device approves or refuses this transaction.

In a similar vein, US patent application Publication No. 2004/0177040 describes a method for securing a card transaction using a mobile device which is capable of preventing the card from being embezzled and counterfeited.

Both US2006/0131390 and US2004/0177040 effectively use a mobile device to send an authorisation request and await a reply message to authorise a payment request. Thus, these systems require:

-   -   an available mobile phone network to process the payment         request;     -   a payment area which has a valid network signal (which is not         always available in multi level stores); and     -   an interaction with the user who must reply to the authorisation         request.

Other known prior art methods for enhancing the security of electronic payments are described in US applications Publication Nos. 2007/0080211 and 2007/0086469. However, these methods require some additional checks on shopping date, expense amount, user identity or supplementary secret code for payment authorization.

To solve the drawbacks of the prior art system, a co-pending application (same inventors, Filed in Europe as application number 08158820.4, also filed as U.S. application Ser. No. 12/486,073, entitled Authorizing An Electronic Payment Request) discloses a method and system for authenticating an electronic payment request made at a shop or point of sale with an additional layer of security being executed through an external device carried by the purchaser themselves. It would be desirable to extend a similar additional layer of security to those transactions which are completed through the web, without the need of a dedicated cash or sale terminal. It should be possible to complete these kinds of transactions from, for example, a home computer over the Internet.

SUMMARY OF THE INVENTION

According to the invention, there is provided a method for additional authorisation of an electronic payment request, during a main authorisation process of the electronic payment request for an online purchase by means of a browser, the browser running on a data processing device including proximity based transceiver means, the payment request being made with a payment card configured with details of at least one device in the possession of at least one owner of the card, the method comprising the steps of: suspending the main authorisation process; the proximity based transceiver means detecting the proximity of at least one portable device with whose details the payment card is configured; upon detection of at least one portable device establishing a communication session between the data processing device and the detected portable device; requesting a first code from the detected portable device; comparing the first code with a predetermined second code; resuming the main authorisation process in the event the first code substantially matches the second code.

BRIEF DESCRIPTION OF THE DRAWINGS

An embodiment of the invention is herein described, by way of example, with reference to the accompanying figures in which:

FIG. 1 is a schematic diagram of a system implementing a preferred embodiment of the present invention;

FIG. 2 is a block diagram of a computer system adapted to perform the method of a preferred embodiment of the present invention;

FIG. 3 is a schematic diagram of a preferred embodiment of the present invention; and

FIG. 4 is a flow chart of the method of the preferred embodiment.

DETAILED DESCRIPTION OF THE INVENTION

With reference in particular to FIG. 1, a system embodying the present invention is schematically represented. A network 101 (e.g., World Wide Web or Internet) allows a user to connect through a computer 103 (for example, a PC) to a number of remote servers 105. With such connection the user can perform transactions with servers 105, including online Shopping session where the purchased goods or services are paid by electronic payment means (e.g., by the use of an authorised Credit Card). It is possible that the payment is performed by connecting to a different server than the online shopping site (e.g. with a connection to a bank server). Usually the use of the card must be authorised and it is sometimes requested a PIN number; when a PIN is not requested, a check on the number and the expiry date of the card is normally done. According to a preferred embodiment of the present invention, an additional level of security check is introduced at the user computer 103. In order for the purchase to be authorised an additional check is performed, requiring the proximity of a user personal device 107, e.g., a mobile phone. In a preferred embodiment of the present invention, the authorising process exploits the proximity communication capability of the computer 103 (e.g., a Bluetooth transceiver) to interact with the external device 107. Other communication systems and protocols could be used instead, e.g., RFID or IrDA.

The preferred embodiment ensures that the authentication of a debit/credit card is not solely reliant upon the card itself. Instead, the preferred embodiment provides an additional layer of security into an authentication process, wherein this additional layer of security is executed through an external device carried by the purchaser themselves, exploiting the existing communications facilities of the computer through which the purchaser is completing the online transaction.

The current authentication system can be unchanged and the new functionality simply plugged on existing ones and offered as new service by the bank. The preferred embodiment minimally interferes with the existing security structures of banks and/or vendors. The new functionality of the preferred embodiment can be simply plugged into an existing traditional security mechanism and sold as a new service by a bank.

In contrast, with the aforementioned prior art documents, the preferred embodiment can leverage the following technologies:

(a) RFID technology to read an authorisation profile from a user-owned tag;

(b) a Bluetooth connection that is capable of:

-   -   silently reading if the user is carrying a device whose unique         identifier (e.g. cellular IMEI) matches the one specified in the         profile on the card;     -   establishing a Bluetooth handshake requiring a pin;     -   physically verifying that the user making the payment is in BT         range.

(c) Infra-red communication, or more particularly, an Infrared data association (IrDA) connection to read the authorisation code from a user-owned device/tag.

Moreover, the preferred embodiment can leverage any type of profile stored in a user's mobile device to perform a check on a payment transaction. In particular, the preferred embodiment can automatically check a specific payment against a defined user-profile (e.g. an expenditure threshold for a particular type of shopping or a daily expenditure threshold etc.).

As shown in FIG. 2, a generic computer of the system (e.g. computer, Internet server, router, remote servers) is denoted with 150. The computer 150 is formed by several units that are connected in parallel to a system bus 153. In detail, one or more microprocessors 156 control operation of the computer 150; a RAM 159 is directly used as a working memory by the microprocessors 156, and a ROM 162 stores basic code for a bootstrap of the computer 150. Peripheral units are clustered around a local bus 165 (by means of respective interfaces). Particularly, a mass memory consists of a hard-disk 168 and a drive 171 for reading CD-ROMs 174. Moreover, the computer 150 includes input devices 177 (for example, a keyboard and a mouse), and output devices 180 (for example, a monitor and a printer). A Network Interface Card 183 is used to connect the computer 150 to the network, A bridge unit 186 interfaces the system bus 153 with the local bus 165. Each microprocessor 156 and the bridge unit 186 can operate as master agents requesting an access to the system bus 153 for transmitting information. An arbiter 189 manages the granting of the access with mutual exclusion to the system bus 153. Similar considerations apply if the system has a different topology, or it is based on other networks. Alternatively, the computers have a different structure, include equivalent units, or consist of other data processing entities (such as PDAs, mobile phones; and the link).

The preferred embodiment of the present invention provides a mechanism for solving the problem of identity theft by introducing a dual-layer authentication system for accessing the funds and/or credit through payment cards through the Internet, i.e. without the need of an interaction with a shop or a point of sale. For simplicity, credit, debit, bank and cash cards etc. will be generically known henceforth as “payment cards”. The users can conclude commercial or financial transactions from their own computers provided they are connected to the Internet, possibly through a secure connection. More particularly, the preferred embodiment provides an additional check regarding the identity of a card user to be included within a traditional security protocols for these cards, wherein the additional check is based on an authentication channel which is external to the user's card. To this end, the preferred embodiment leverages the use of a device (owned by the legitimate card owner) to certify that the user of the card at any given instant is the legitimate owner of the card and not someone else.

In support of the above, the preferred embodiment includes additional information into a traditional payment card. The additional information includes features that can be used to verify the identity of the registered owner of the card. For example, the additional information could include:

-   -   a number of the registered owner's mobile phone;     -   a unique International Mobile Equipment Identity (IMEI) code of         the registered owner's mobile phone; and     -   an identifier of an RFID tag carried by the registered owner.

As shown in FIG. 3, the preferred embodiment includes an Internet browser 301 which allows the user to interact with an Online Shopping Server 303 where the user can purchase goods and/or services; such goods and services can be paid with electronic payment means, e.g., a payment card. The Browser 301 must have a pluggable component 305 installed that is able to perform the additional checks. The pluggable component 305 is adapted to check the identity of the user of a payment card based on the additional information embedded within the card. When a user enters an online shopping site, to complete the purchasing process he is normally requested to enter the traditional payment card information. According to the preferred embodiment, during the transaction validation, if the used card is enabled for dual security, the web site will recognize that a second layer of security is required. At this point, the specific plug-in 305 of the browser 301 depending on user configuration can prompt the user asking to run the second level of information retrieving step or can automatically perform the secure check. Specifically, the browser plug-in 305 will contact the selected user device 307 (e.g., a mobile telephone) to retrieve the needed information (for example, IMEI code) using, for example, a Bluetooth connection. So the browser plug-in 305 will search for device in range asking if needed for a Bluetooth code to allow handshaking with the computer where the browser 301 resides and get the profiled information. For example, a card can be released from bank to customer requiring for second layer of security a cellular phone with IMEI xxxxyyyyyzzzz and/or a confirmation pin ABCD. This additional information retrieval can be prompted to the user (to start for example Bluetooth reception on device or enter the BT pin) or can be silently performed by the browser plug-in. In the latter case, specific security issues might be considered according to system administrator's preferences, computer configurations or the operating systems security restrictions (e.g., firewall). Once the additional information is collected, the browser 301 will send back the additional information to the transaction server where transactions are validated to grant or deny the payment.

If the authentication is successful, the payment is released, otherwise it is denied. Also if no device 307 is found in the proximity of the computer 301, the authorisation for the payment is not given. Optionally, the system can also alert the phone number about the failed payment attempt. The system can also be instrumented in such a way a payment receipt is downloaded to the authentication device using the same transport channel of authentication.

As an additional feature, if the second layer authentication fails, the owner can be alerted leveraging the additional cellular information. The preferred embodiment can also leverage a user's personal information (and user's external device) to advise a user of an authentication failure, thereby providing almost instantaneous warning to the user of a potential breach in their security.

Furthermore, the second security layer can be also profiled based on multiple factors:

-   -   price of objects (defining thresholds of expense)     -   type of objects (for example books, electronic     -   website (the card can define some URL as friend URL avoiding         second layer of security) so that the additional security layer         can be activated or not.

Referring to FIG. 4, the steps of a method according to a preferred embodiment of the present invention are described. The process starts at 401 and goes to step 403 where a payment request is handled during an online shopping session performed by a user through an Internet browser from a computer (e.g., a personal computer). The second layer security check according to the present invention is an additional step to the usual authorisation procedure. Therefore, it can be performed before or after the usual verification/authorisation steps: steps 403 and 411 of FIG. 4 represent the usual flow of a state of the art authorisation process and it does not make any difference whether the “main” authorisation has been obtained before the additional security check (i.e. before step 405 of FIG. 4) or it is conditioned by the result of the additional security check of the present invention (i.e. it is performed only if the additional check herein described has been successful). At step 405, it is verified whether an additional check is required. As mentioned before, this is an optional check and it could be useful if the user wishes to perform the additional check only in predetermined circumstances or wishes to exclude the check in some cases (e.g., for low amounts). If the result of this step 405 is No, the process goes directly to step 411 and the usual authorisation process can continue, otherwise the system tries to establish the proximity connection as described above. According to a preferred embodiment of the present invention such connection is based on Bluetooth communication protocol and requires that the computer where the browser is installed is adapted to establish Bluetooth communications and that a Bluetooth device is in close proximity with the computer. In a preferred embodiment, the plug-in 305 (see FIG. 3) will try to establish a Bluetooth handshake with the phone identified in the card used to make the payment request (assuming that the phone is in range of the Bluetooth transmitter) and checking the IMEI code retrieved from the phone against the IMEI code detailed in the payment card. A prerequisite of this method is that the users had previously configured their payment card with selected information pertaining to one or more of their personal devices which will be contacted by the system.

In this way, even if the information of the credit card are known by an unauthorized user, the system will not allow the use of such credit card. If the connection (e.g., the Bluetooth connection) does not give the expected results (or no Bluetooth phone is found in the range) the payment is refused, otherwise the usual authorisation process can continue.

Referring to step 407, those skilled in the art will appreciate that other ways of communications could be used as well, e.g., instead of a Bluetooth transmission an equivalent system could be implemented by using RFID tags. In such case the plug-in 305 will attempt to read the secret information or password stored in the RFID tag identified in the card used for making the payment request. Yet another example is the use of infra-red devices, e.g., IrDA devices.

Alterations and modifications may be made to the above without departing from the scope of the invention. Naturally, in order to satisfy local and specific requirements, a person skilled in the art may apply to the solution described above many modifications and alterations. Particularly, although the present invention has been described with a certain degree of particularity with reference to preferred embodiment(s) thereof, it should be understood that various omissions, substitutions and changes in the form and details as well as other embodiments are possible; moreover, it is expressly intended that specific elements and/or method steps described in connection with any disclosed embodiment of the invention may be incorporated in any other embodiment as a general matter of design choice.

For example, similar considerations apply if the computer has a different structure or includes equivalent units; in any case, it is possible to replace the computer with any code execution entity (such as a PDA, a mobile phone, and the like).

Similar considerations apply if the program (which may be used to implement each embodiment of the invention) is structured in a different way, or if additional modules or functions are provided; likewise, the memory structures may be of other types, or may be replaced with equivalent entities (not necessarily consisting of physical storage media). Moreover, the proposed solution lends itself to be implemented with an equivalent method (having similar or additional steps, even in a different order). In any case, the program may take any form suitable to be used by or in connection with any data processing system, such as external or resident software, firmware, or microcode (either in object code or in source code). Moreover, the program may be provided on any computer-usable medium; the medium can be any element suitable to contain, store, communicate, propagate, or transfer the program. Examples of such medium are fixed disks (where the program can be pre-loaded), removable disks, tapes, cards, wires, fibers, wireless connections, networks, broadcast waves, and the like; for example, the medium may be of the electronic, magnetic, optical, electromagnetic, infrared, or semiconductor type.

In any case, the solution according to the present invention lends itself to be carried out with a hardware structure (for example, integrated in a chip of semiconductor material), or with a combination of software and hardware. 

1. A method for additional authorisation of an electronic payment request, during a main authorisation process of the electronic payment request for an online purchase by means of a browser, the browser running on a data processing system including proximity based transceiver means, the payment request being made with a payment card configured with details of at least one device in the possession of at least one owner of the card, the method comprising: suspending the main authorisation process; the proximity based transceiver means detecting the proximity of at least one portable device with whose details the payment card is configured; upon detection of at least one portable device establishing a communication session between the data processing system and the detected portable device; requesting a first code from the detected portable device; comparing the first code with a predetermined second code; resuming the main authorisation process in the event the first code substantially matches; the second code.
 2. The method of claim 1 further including: refusing the authorisation in the event the first code does not substantially match the second code; notifying the at least one owner of the card of the refused authorisation.
 3. The method of claim 1 further including: refusing the authorisation in the event the proximity based transceiver means does not detect the proximity of any portable device with whose details the payment card is configured; notifying the at least one owner of the card of the failed detection.
 4. The method of claim 1 wherein the proximity based transceiver means includes a Bluetooth device.
 5. The method of claim 4 further configuring the payment card with an International Mobile Equipment Identity (IMEI) code of a mobile phone of the owner of the card; and wherein: detecting comprises attempting to establish a Bluetooth connection with the mobile phone; and comparing the first code with a predetermined second code comprises comparing an International Mobile Equipment Identity (IMEI) code retrieved from the mobile phone with the IMEI with which the payment card is configured.
 6. The method of claim 1 wherein the proximity based transceiver means includes an RFID device.
 7. The method of claim 6 wherein the method comprises configuring the payment card with an identifier of a radio frequency identification tag on the person of an owner of the card; and detecting comprises attempting to read a code from the radio frequency identification tag.
 8. The method of claim 1 wherein the proximity based transceiver means includes an infra-red device.
 9. The method of claim 8 wherein the infra-red device includes an Infra-red Data Association (IrDA) connection device.
 10. A computer program in a computer storage medium for performing a method of for additional authorisation of an electronic payment request, during a main authorisation process of the electronic payment request for an online purchase by means of a browser, the browser running on a data processing system including proximity based transceiver means, the payment request being made with a payment card configured with details of at least one portable device in the possession of at least one owner of the card, when the computer program is executed on a data processing system, the method comprising: suspending the main authorisation process; the proximity based transceiver means detecting the proximity of at least one portable device with whose details the payment card is configured; upon detection of at least one portable device establishing a communication session between the data processing system and the detected portable device; requesting a first code from the detected portable device; comparing the first code with a predetermined second code; resuming the main authorisation process in the event the first code subtantially matches the second code.
 11. A computer program product of claim 10, wherein the method further comprises: refusing the authorisation in the event the first code does not substantially match the second code; notifying the at least one owner of the card of the refused authorisation.
 12. The computer program product as claimed in claim 10, wherein the method further comprises: refusing the authorisation in the event the proximity based transceiver means does not detect the proximity of any portable device with whose details the payment card is configured; notifying the at least one owner of the card of the failed detection.
 13. The computer program product as claimed in claim 10, wherein the method further comprises configuring the payment card with an International Mobile Equipment Identity (IMEI) code of a mobile phone of the owner of the card; and wherein: detecting comprises attempting to establish a Bluetooth connection with the mobile phone; and comparing the first code with a predetermined second code comprises the step of comparing an International Mobile Equipment Identity (IMEI) code retrieved from the mobile phone with the IMEI with which the payment card is configured.
 14. A system for authenticating an electronic payment request, for additional authorisation of an electronic payment request during a main authorisation process of the electronic payment request for an online purchase, the payment request being made with a payment card configured with details of at least one portable device in the possession of at least one owner of the card, the system including: a browser for performing online shopping activities, wherein the main authorisation process is suspended; a proximity based transceiver detecting the proximity of at least one portable device with whose details the payment card is configured; a communication system for establishing a communication session between the data processing system and the detected portable device, upon detection of at least one portable device wherein the browser requests a first code from the detected portable device, compares the first code with a predetermined second code and resumes the main authorisation process in the event the first code subtantially matches the second code.
 15. The system of claim 14 wherein the proximity based transceiver includes a Bluetooth device.
 16. The system of claim 14 wherein the payment card is configured with an International Mobile Equipment Identity (IMEI) code of a mobile phone of the owner of the card; and wherein: the communication system attempts to establish a Bluetooth connection with the mobile phone; and comparing the first code with a predetermined second code comprises comparing an International Mobile Equipment Identity (IMEI) code retrieved from the mobile phone with the IMEI with which the payment card is configured. 